feat(providers): add Beyond Identity Provider (#6013)

* Add Beyond Identity Provider * Add Beyond Identity OIDC Provider * Add Beyond Identity OIDC Provider * Add "pkce" support * Mirror Auth0 instead of Okta * Code Review feedback
2026-05-01 10:55:20 +00:00 · 2023-02-22 23:04:21 -05:00
parent 2130765a57
commit 99ac4899b5
6 changed files with 129 additions and 14 deletions
--- a/.github/ISSUE_TEMPLATE/2_bug_provider.yml
+++ b/.github/ISSUE_TEMPLATE/2_bug_provider.yml
@@ -32,6 +32,7 @@ body:
        - "Azure Active Directory"
        - "Azure Active Directory B2C"
        - "Battlenet"
+        - "Beyond Identity"
        - "Box"
        - "Bungie"
        - "Cognito"
--- a/apps/dev/nextjs/.env.local.example
+++ b/apps/dev/nextjs/.env.local.example
@@ -17,9 +17,13 @@ AUTH0_ID=
 AUTH0_SECRET=
 AUTH0_ISSUER=

-KEYCLOAK_ID=
-KEYCLOAK_SECRET=
-KEYCLOAK_ISSUER=
+# Beyond Identity Provider
+BEYOND_IDENTITY_CLIENT_ID=
+BEYOND_IDENTITY_CLIENT_SECRET=
+BEYOND_IDENTITY_ISSUER=
+
+GITHUB_ID=
+GITHUB_SECRET=

 NOTION_ID=
 NOTION_SECRET=
@@ -29,8 +33,15 @@ IDS4_ID=
 IDS4_SECRET=
 IDS4_ISSUER=

-GITHUB_ID=
-GITHUB_SECRET=
+KEYCLOAK_ID=
+KEYCLOAK_SECRET=
+KEYCLOAK_ISSUER=
+
+LINE_ID=
+LINE_SECRET=
+
+TRAKT_ID=
+TRAKT_SECRET=

 TWITCH_ID=
 TWITCH_SECRET=
@@ -38,11 +49,8 @@ TWITCH_SECRET=
 TWITTER_ID=
 TWITTER_SECRET=

-LINE_ID=
-LINE_SECRET=
-
-TRAKT_ID=
-TRAKT_SECRET=
+WIKIMEDIA_ID=
+WIKIMEDIA_SECRET=

 # Example configuration for a Gmail account (will need SMTP enabled)
 EMAIL_SERVER=smtps://user@gmail.com:password@smtp.gmail.com:465
@@ -55,12 +63,9 @@ EMAIL_FROM=user@gmail.com
 # MongoDB:  DATABASE_URL=mongodb://nextauth:password@127.0.0.1:27017/nextauth?synchronize=true
 DATABASE_URL=

-WIKIMEDIA_ID=
-WIKIMEDIA_SECRET=
-
 # Supabase Example Configuration
 # Supabase Example Configuration
 # NEXT_PUBLIC_SUPABASE_URL=http://localhost:54321
 # SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6InNlcnZpY2Vfcm9sZSJ9.vI9obAHOGyVVKa3pD--kJlyxp-Z2zV9UUMAhKpNLAcU
 # SUPABASE_JWT_SECRET=super-secret-jwt-token-with-at-least-32-characters-long
-# NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24ifQ.625_WdcF3KHqz5amU0x2X5WWHP-OEs_4qj0ssLNHzTs
+# NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24ifQ.625_WdcF3KHqz5amU0x2X5WWHP-OEs_4qj0ssLNHzTs
--- a/apps/dev/nextjs/pages/api/auth/[...nextauth].ts
+++ b/apps/dev/nextjs/pages/api/auth/[...nextauth].ts
@@ -6,6 +6,7 @@ import Asgardeo from "@auth/core/providers/asgardeo"
 import Auth0 from "@auth/core/providers/auth0"
 import AzureAD from "@auth/core/providers/azure-ad"
 import AzureB2C from "@auth/core/providers/azure-ad-b2c"
+import BeyondIdentity from "@auth/core/providers/beyondidentity"
 import BoxyHQSAML from "@auth/core/providers/boxyhq-saml"
 // import Cognito from "@auth/core/providers/cognito"
 import Credentials from "@auth/core/providers/credentials"
@@ -92,6 +93,7 @@ export const authConfig: AuthConfig = {
      tenantId: process.env.AZURE_AD_TENANT_ID,
    }),
    AzureB2C({ clientId: process.env.AZURE_B2C_ID, clientSecret: process.env.AZURE_B2C_SECRET, issuer: process.env.AZURE_B2C_ISSUER }),
+    BeyondIdentity({ clientId: process.env.BEYOND_IDENTITY_CLIENT_ID, clientSecret: process.env.BEYOND_IDENTITY_CLIENT_SECRET, issuer: process.env.BEYOND_IDENTITY_ISSUER }),
    BoxyHQSAML({ issuer: "https://jackson-demo.boxyhq.com", clientId: "tenant=boxyhq.com&product=saml-demo.boxyhq.com", clientSecret: "dummy" }),
    // Cognito({ clientId: process.env.COGNITO_ID, clientSecret: process.env.COGNITO_SECRET, issuer: process.env.COGNITO_ISSUER }),
    Discord({ clientId: process.env.DISCORD_ID, clientSecret: process.env.DISCORD_SECRET }),
--- a/docs/static/img/providers/beyondidentity-dark.svg
+++ b/docs/static/img/providers/beyondidentity-dark.svg
@@ -0,0 +1,4 @@
+<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg" role="img">
+  <!-- <path d="M15.968 0 7.684 16.57 3.763 8.726H.949L7.684 21.47 18.783 0h-2.815ZM6.767 27.162v2.878h2.498v-7.747l-2.498 4.869Z" fill="#5077C5"/> -->
+  <path d="M 22.102,0 13.818,16.57 9.897,8.726 H 7.083 L 13.818,21.47 24.917,0 Z m -9.201,27.162 v 2.878 h 2.498 v -7.747 z" fill="#5077c5"/>
+</svg>
--- a/docs/static/img/providers/beyondidentity.svg
+++ b/docs/static/img/providers/beyondidentity.svg
@@ -0,0 +1,4 @@
+<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg" role="img">
+  <!-- <path d="M15.968 0 7.684 16.57 3.763 8.726H.949L7.684 21.47 18.783 0h-2.815ZM6.767 27.162v2.878h2.498v-7.747l-2.498 4.869Z" fill="#5077C5"/> -->
+  <path d="M 22.102,0 13.818,16.57 9.897,8.726 H 7.083 L 13.818,21.47 24.917,0 Z m -9.201,27.162 v 2.878 h 2.498 v -7.747 z" fill="#5077c5"/>
+</svg>
--- a/packages/core/src/providers/beyondidentity.ts
+++ b/packages/core/src/providers/beyondidentity.ts
@@ -0,0 +1,99 @@
+/**
+ * <div style={{backgroundColor: "#5077c5", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>Beyond Identity</b> integration.</span>
+ * <a href="https://www.beyondidentity.com/">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/beyondidentity-dark.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * ---
+ * @module providers/beyondidentity
+ */
+
+import type { OIDCConfig, OIDCUserConfig } from "./index.js"
+
+/** @see [Beyond Identity Developer Docs](https://developer.beyondidentity.com/) */
+export interface BeyondIdentityProfile {
+  /** The user's unique identifier. */
+  sub: string
+  /** The user's full name. */
+  name: string
+  /** The user's preferred username. */
+  preferred_username: string
+  /** The user's email address. */
+  email: string
+}
+
+/**
+ * Add Beyond Identity login to your page.
+ *
+ * ## Example
+ *
+ * ```ts
+ * import { Auth } from "@auth/core"
+ * import BeyondIdentity from "@auth/core/providers/beyondidentity"
+ *
+ * const request = new Request("https://example.com")
+ * const response = await Auth(request, {
+ *   providers: [BeyondIdentity({ clientId: "", clientSecret: "", issuer: "" })],
+ * })
+ * ```
+ *
+ * ---
+ *
+ * ## Resources
+ *
+ * - [Beyond Identity Developer Docs](https://developer.beyondidentity.com/)
+ *
+ * ---
+ *
+ * ## Notes
+ *
+ * By default, Auth.js assumes that the BeyondIdentity provider is
+ * based on the [OIDC](https://openid.net/specs/openid-connect-core-1_0.html) specification.
+ *
+ * :::tip
+ *
+ * The BeyondIdentity provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/beyondidentity.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+
+export default function BeyondIdentity(
+  config: OIDCUserConfig<BeyondIdentityProfile>
+): OIDCConfig<BeyondIdentityProfile> {
+  return {
+    id: "beyondidentity",
+    name: "Beyond Identity",
+    type: "oidc",
+    profile(profile) {
+      return {
+        id: profile.sub,
+        email: profile.email,
+        name: profile.name,
+        image: null,
+        preferred_username: profile.preferred_username,
+      }
+    },
+    style: {
+      logo: "/beyondidentity.svg",
+      logoDark: "/beyondidentity-dark.svg",
+      bg: "#fff",
+      bgDark: "#5077c5",
+      text: "#5077c5",
+      textDark: "#fff",
+    },
+    options: config,
+  }
+}